0

I am using PHPRunner and I am adding code to an event which will concatenate the 2 fields "AgentID" and "Client ID" separated by a "-". The code runs after the record has been added to the database. The code is being written inside php code and not in MySQL. My question is, What is the correct code to use as a sql statement inside php code that will accomplish this. I do not need connection portion of code.

I am using something like

$sql = "UPDATE Contacts SET GenClientId = '$AgentID."-".$ClientID' WHERE ClientID = '$ClientID'";
    $result=$conn->query($sql);

And I am not getting the results I need.

Laurel
  • 5,965
  • 14
  • 31
  • 57
Steven Wilson
  • 1
  • 1
    Please share more details. An `UPDATE` query will most probably not return anything. Besides that, your query is widely open for SQL injection – Nico Haase Dec 11 '20 at 21:17

2 Answers2

0

You can put vars in double quotes. Array items need a bit more formatting.

$sql = "UPDATE Contacts SET GenClientId = '$AgentID-$ClientID' WHERE ClientID = '$ClientID'";
  $result=$conn->query($sql);

You are wide open to SQL injection.

https://bobby-tables.com/php -- for some help on prepared statements.

Jason K
  • 1,406
  • 1
  • 12
  • 15
0

I would suggest to use Prepared Statements in order to avoid SQL injection possibility.

$stmt = $conn->prepare('UPDATE Contacts SET GenClientId = ? WHERE ClientID = ?');
$stmt->bind_param('si', $AgentID . '-' . $ClientID, $ClientID);
$stmt->execute();
Mikhail Prosalov
  • 4,155
  • 4
  • 29
  • 41
  • I am getting this fatal error when using this code:Fatal error: Uncaught Error: Call to a member function prepare() on null in /home/showingday/public_html/include/contacts_events.php:128 Stack trace: #0 /home/showingday/public_html/classes/addpage.php(289): eventclass_contacts->AfterAdd(Array, Array, false, Object(AddPage)) #1 /home/showingday/public_html/classes/addpage.php(315): AddPage->redirectAfterAdd() #2 /home/showingday/public_html/contacts_add.php(86): AddPage->process() #3 {main} thrown in /home/showingday/public_html/include/contacts_events.php on line 128 – Steven Wilson Dec 11 '20 at 21:33
  • Please make sure the $conn variable has your DB connection instance. – Mikhail Prosalov Dec 11 '20 at 21:41